SafeTrans

LLM-assisted Transpilation from C to Rust โ€” a framework for automating C-to-Rust translation with iterative guided repair and security analysis.

Muhammad Farrukh1 ยท Baris Coskun2 ยท Tapti Palit3 ยท Michalis Polychronakis1

1 Stony Brook University ยท 2 Amazon Web Services ยท 3 UC Davis

Read Paper GitHub ACM DL

Overview

Rust is a strong contender for a memory-safe alternative to C as a "systems" language, but porting the vast amount of existing C code to Rust remains daunting. In this paper, we evaluate the potential of large language models (LLMs) to automate the transpilation of C code to idiomatic Rust. We present SafeTrans, a generic framework that leverages LLMs to (i) transpile C code into Rust, and (ii) iteratively repair compilation and runtime errors. A key novelty of our approach is a few-shot guided repair technique for translation errors, which provides contextual information and example code snippets for specific error types, guiding the LLM toward the correct solution. Another novel aspect of our work is the evaluation of the security implications of the transpilation process, showing how some vulnerability classes in C persist in the translated Rust code. SafeTrans was evaluated with six leading LLMs on 2,653 C programs and two real-world C projects. Our results show that iterative repair improves the rate of successful translations from 54% to 80% for the best-performing LLM (gpt-4o).

Numbers

At a Glance

๐Ÿ”ฌ
0
Total Translations
across all LLMs and programs
๐Ÿ“„
0
C Programs Evaluated
from the CodeNet dataset
๐Ÿค–
0
LLMs Benchmarked
GPT-4o, DeepSeek, Llama3 & more
๐Ÿ“ˆ
0
Peak Translation Success
up from 54% baseline (gpt-4o)
๐Ÿ”ง
0
Compilation Repair Rate
gpt-4o with guided repair
๐Ÿ›ก๏ธ
0
Vulnerabilities Analyzed
in source C programs

Framework

Methodology

SafeTrans orchestrates a four-phase automated pipeline to translate C programs into idiomatic, safe Rust.

SafeTrans methodology diagram โ€” Base Transpilation, Compilation Validation, Compilation Repair, and Runtime Testing phases
1
Transpilation
An LLM receives the C source code and generates an initial Rust translation, instructed to produce safe, idiomatic Rust without unsafe blocks.
2
Compilation
The translated Rust code is compiled with rustc. Successful binaries advance to validation; failures trigger the repair phase.
3
Iterative Repair
Basic Repair feeds compiler errors back to the LLM iteratively (up to 5 rounds). Guided Repair then augments prompts with error-specific instructions and few-shot examples targeting the top-8 persistent Rust error types.
4
Validation
The compiled Rust program is executed against the original C program's unit tests. Runtime or test-case failures trigger another iterative repair cycle with dynamic error feedback.

Evaluation

LLM Performance Comparison

Compilation repair rate and final translation success rate across six LLMs after the complete SafeTrans pipeline.

LLM Base CA Final CA Improvement Repair Rate Success Rate
GPT-4o Best 54% 80% +26% 93.5%
80%
DeepSeek-V3 49% 79% +30% 89.8%
79%
Codestral ~44% ~66% +22% 85.8%
~66%
DeepSeek-Coder ~15% ~34% +19% 55.6%
~34%
Qwen2.5-Coder ~17% ~34% +17% 62.5%
~34%
Llama3 (70B) ~9% ~21% +12% 58.1%
~21%

๐Ÿ† Key Finding: Guided Repair Works

Combining basic and guided repair achieves up to 25% improvement in computational accuracy for top LLMs. Even smaller models nearly double their success rate, demonstrating broad applicability of the approach.

๐Ÿ” Key Finding: Scalability

SafeTrans was evaluated on two real-world libraries (url_parser and avl_tree). Unlike competing tools, SafeTrans successfully compiles both while producing fully safe Rust without unsafe blocks.

Security Analysis

Vulnerability Implications

SafeTrans uniquely evaluates the security implications of C-to-Rust transpilation, examining how memory vulnerabilities in C programs behave in translated Rust code.

๐Ÿ”
10,375 Vulnerabilities Found
We identified 10,375 vulnerabilities in the 2,653 source C programs, including out-of-bounds accesses, null-pointer dereferences, and use-after-free bugs.
โš ๏ธ
Persistence in Rust Translations
Some vulnerability classes present in C code persist in the translated Rust programs, demonstrating that LLM-generated translations require further processing to mitigate source program vulnerabilities.
๐Ÿ”ฌ
Novel Security Perspective
Unlike prior transpilation studies focused solely on correctness, SafeTrans is the first to systematically evaluate the security implications of LLM-based C-to-Rust translation at scale.

Citation

Cite SafeTrans

If you use SafeTrans in your research, please cite our paper.

BibTeX 
@inproceedings{farrukh2026safetrans,
  author    = {Farrukh, Muhammad and Coskun, Baris and Palit, Tapti and Polychronakis, Michalis},
  title     = {SafeTrans: LLM-assisted Transpilation from C to Rust},
  booktitle = {Proceedings of the 1st Workshop on Code Translation, Transformation, and Modernization (ReCode '26)},
  year      = {2026},
  doi       = {10.1145/3786180.3788317},
  publisher = {ACM},
  address   = {Rio de Janeiro, Brazil}
}